Pages

Thursday, November 04, 2010

Arachni – Web Application Vulnerability Scanning Framework

Arachni is a feature-full and modular Ruby framework that allows penetration testers and administrators to evaluate the security of web applications. Arachni is smart, it trains itself with every HTTP response it receives during the audit process. Unlike other scanners, Arachni takes into account the dynamic nature of web applications and can detect changes caused while traveling through each path of a web application’s cyclomatic complexity. This way attack/input vectors that would otherwise be undetectable by non-humans are seamlessly handled by Arachni.

The project aims to:

Provide a stable and efficient framework

Developers should be allowed to easily and quickly create and deploy modules with the minimum amount of restrictions imposed upon them, while provided with the necessary infrastructure to accomplish their goals. Module writers should be able to take full advantage of the Ruby language under a unified framework that will increase their productivity without stifling them or complicating their tasks. Basically, give them the right tools for the job and get the hell out of their way.

Be simple

Well, not simple in general. Some parts of the framework are fairly complex. However, the module and report APIs are very similar and very simple.

Be developer and user friendly

Users should be able to make the most out of Arachni without being confused or overwhelmed. Developers unfamiliar with the framework should be able to write working modules and reports immediately after a small glance at an existing one.